In early October 2013, McDonald Hopkins reported (Adobe Hacked) that Adobe experienced a data breach whereby hackers obtained access to credit card information and other personal data from 2.9 million customers.
Recently, however, Adobe acknowledged that the breach has impacted far more users. Indeed, 38 million have been affected – over 13 times the amount originally reported. Adobe became aware that the breach reached greater depths when a huge file called “users.tar.gz” surfaced, which appears to include more than 150 million username and hashed password pairs taken from Adobe.
Adobe spokesperson Heather Edell said the company has just completed a campaign to contact active users whose user IDs with valid, encrypted password information was stolen, urging those users to reset their passwords.
“So far, our investigation has confirmed that the attackers obtained access to Adobe IDs and encrypted passwords for approximately 38 million active users,” Edell said. “We have completed email notification of these users. We also have reset the passwords for all Adobe IDs with valid, encrypted passwords that we believe were involved in the incident—regardless of whether those users are active or not.”
In an attempt to remedy the situation, Adobe has offered a year’s worth of credit monitoring to customers whose encrypted credit card data was stolen in the breach.